package com.mmm.station.security.interceptor;

import com.mmm.station.security.annotation.Power;
import com.mmm.station.security.method.Subject;
import com.mmm.station.security.session.SessionUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;

/**
 * Created by mmm on 2016/11/21.
 */

public class SecurityInterceptor implements HandlerInterceptor{

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
//        request.getSession().setMaxInactiveInterval(60);
//        Method method = o.getClass().getMethod();
        HandlerMethod handler = (HandlerMethod) o;
        Method method = handler.getMethod();
        boolean flag = isCheckLimit(request,method);
//        System.out.println("我的安全管理");
        if (flag){
//            request.getRequestDispatcher("aa.html").forward(request,response);
//            response.sendRedirect("aa.html");
            String responseType = Subject.getInstance().getManager().getResponseType();
            if( responseType != null){
                if (responseType .equals("json")){
                    response.setContentType("application/json; charset=utf-8");
                    PrintWriter printWriter = response.getWriter();
                    printWriter.println(Subject.getInstance().getManager().getPermissionJsonContent());
                    printWriter.close();
                }else {
                    request.getRequestDispatcher(Subject.getInstance().getManager().getPermissionDispatcherPath()).forward(request,response);
                }
            }
            request.getRequestDispatcher("mError.html").forward(request,response);
            return false;
        }


        return true;

    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }


    public boolean isCheckLimit(HttpServletRequest request, Method method) {
        if(method==null){
            return false;
        }

        //获取当前的登陆用户
        Object user = SessionUtils.getInstance().getAuthInfo();


        List<String> hasRole = SessionUtils.getInstance().getRoles();
        List<String> hasPermission = SessionUtils.getInstance().getPermissions();

        //判断用户请求的method上面是否存在注解
        boolean isAnnotationPower= method.isAnnotationPresent(Power.class);

        //不存在注解
        if( ! isAnnotationPower){
            return false;
        }

        //存在注解,拿到由Limit类写的注解
        Power limit=method.getAnnotation(Power.class);

        //获取注解上的值
        String[] needRole=limit.needRole();  //角色
        String[] needPermission=limit.needPermission();  //权限

        System.out.println(needRole.length);
        System.out.println(needPermission.length);
        if (needRole.length ==0 && needPermission.length == 0){
            return false;
        }else if(needRole.length == 0 && needPermission.length != 0){
            if (hasPermission == null){
                return true;
            }
            if (hasPermission.containsAll(Arrays.asList(needPermission))){
                return false;
            }
        }else if (needRole.length !=0 && needPermission.length ==0){
            if (hasRole == null){
                return true;
            }
            if (hasRole.containsAll(Arrays.asList(needRole))){
                return false;
            }
        }else {
            if (hasRole == null || hasPermission == null){
                return true;
            }else {
                if (hasRole.containsAll(Arrays.asList(needRole)) && hasPermission.containsAll(Arrays.asList(needPermission))){
                    return false;
                }
            }
        }
        return true;
    }



}
